Single ECDH Curve for forward secrecy

Jan-Frederik Rieckers rieckers+freeradius-devel at
Fri Jan 31 10:39:10 CET 2020


I'm currently doing some research with the TLS client and server
implementations in EAP-TLS.

I have noticed that FreeRADIUS forces usage of one specific curve for the
ECDH key exchange. Is there a specific reason for that?
( set_ecdh_curve in src/main/tls.c )

The standard is "prime256v1", which seems to be a good default, since
this curve is always in the SupportedGroups extension of the Client TLS
Hello (for all clients I've seen so far).

But I'd like to change the default to something like X25519 and fall
back on others when this is not possible.

Kind regards

Jan-Frederik Rieckers
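
The behaviour asked about above (prefer X25519, fall back to whatever else the client offers) comes down to reading the supported_groups extension of the ClientHello and intersecting it with a server-side preference list. The following is an added example, not FreeRADIUS code and not from the author of the post: it builds a minimal TLS 1.2 ClientHello with a constructed supported_groups list, parses the extension back out of the record, and applies a server-preferred selection. The group IDs are the IANA TLS Supported Groups values; the server and client preference lists are assumptions chosen for the demonstration.

```python
"""
ECDH group negotiation from a TLS ClientHello (added example, not FreeRADIUS code).

The ClientHello carries extension type 10 (supported_groups, RFC 8422 / RFC 7919)
listing the groups the client is willing to use, in its order of preference.
A server that wants "X25519 first, then P-256, ..." picks the first entry of
its own list that the client also offered, instead of pinning one curve.
"""
import os
import struct

SUPPORTED_GROUPS_EXT = 10

# IANA "TLS Supported Groups" registry values used in this example.
GROUP_NAMES = {
    23: "secp256r1",   # prime256v1 / P-256
    24: "secp384r1",
    25: "secp521r1",
    29: "x25519",
    30: "x448",
    256: "ffdhe2048",
}
GROUP_IDS = {name: gid for gid, name in GROUP_NAMES.items()}


def build_client_hello(groups, cipher_suites=(0xC02B, 0xC02F)):
    """Return a TLS record holding a minimal TLS 1.2 ClientHello (constructed input).
    Only the supported_groups extension is included; 'groups' is the client's order."""
    ext_body = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HH", SUPPORTED_GROUPS_EXT, len(ext_body)) + ext_body
    body = (
        b"\x03\x03"                                   # client_version: TLS 1.2
        + os.urandom(32)                              # random
        + b"\x00"                                     # empty session_id
        + struct.pack("!H", 2 * len(cipher_suites))
        + b"".join(struct.pack("!H", cs) for cs in cipher_suites)
        + b"\x01\x00"                                 # compression_methods: null only
        + struct.pack("!H", len(ext)) + ext           # extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_supported_groups(record):
    """Return the supported_groups list (client order) from a ClientHello record.
    Returns [] when the extension is absent; raises ValueError on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                      # skip client_version and random
    pos += 1 + body[pos]                              # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                              # compression_methods
    if pos == len(body):
        return []                                     # no extensions at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("bad extensions length")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if len(data) != elen:
            raise ValueError("truncated extension")
        if etype == SUPPORTED_GROUPS_EXT:
            list_len = struct.unpack("!H", data[:2])[0]
            if list_len != len(data) - 2 or list_len % 2:
                raise ValueError("bad supported_groups length")
            return [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + list_len, 2)]
    return []


def select_group(client_groups, server_preference):
    """Server-preferred choice: first group of server_preference the client offered.
    None means no overlap, i.e. the handshake would fail with handshake_failure."""
    offered = set(client_groups)
    return next((g for g in server_preference if g in offered), None)


# Assumed policies for the demonstration.
SERVER_PREF = [GROUP_IDS["x25519"], GROUP_IDS["secp256r1"], GROUP_IDS["secp384r1"]]
MODERN_CLIENT = [GROUP_IDS["x25519"], GROUP_IDS["secp256r1"], GROUP_IDS["secp384r1"]]
LEGACY_CLIENT = [GROUP_IDS["secp256r1"], GROUP_IDS["secp384r1"], GROUP_IDS["secp521r1"]]


def negotiate(client_groups, server_preference=SERVER_PREF):
    """Build a ClientHello for client_groups, parse it, and return the chosen group name."""
    chosen = select_group(parse_supported_groups(build_client_hello(client_groups)), server_preference)
    return GROUP_NAMES.get(chosen) if chosen is not None else None


if __name__ == "__main__":
    print("modern client        ->", negotiate(MODERN_CLIENT))
    print("legacy client        ->", negotiate(LEGACY_CLIENT))
    print("x25519-only server   ->", negotiate(LEGACY_CLIENT, [GROUP_IDS["x25519"]]))
```

The last line of the demo is the failure mode of pinning a single curve: a server that only accepts X25519 cannot complete a handshake with a client that offers just the NIST curves. With OpenSSL 1.1.0 and later the equivalent of the preference list used here is SSL_CTX_set1_groups_list() with a string such as "X25519:P-256:P-384", which replaces the single-curve SSL_CTX_set_tmp_ecdh() call.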
